Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-52716

Be able to restrict anonymous REST API connection when Confluence has Anonymous Access

    XMLWordPrintable

Details

    • 2
    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Facts
      1. The "Anonymous Access to Remote API" checkbox button is for SOAP/XML-RPC and not for REST API
      2. There is no equivalent control of REST API in Confluence
      Expectation

      Be able to restrict anonymous Remote API access to confluence even though Confluence has "Anonymous Access" enabled on UI side

      Sample use case:

      If users would like to have spaces with anonymous access via theUI, but we want to keep the API restricted.
      For example, if users has a reverse proxy in front of their Confluence installation which implements certain security checks, and they do not want people to be able to access content without having first passed through this layer. The security checks rely on a browser, so they cannot easily pass requests to the REST API through it.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-52360 Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              mkhairuliana Monique Khairuliana (Inactive)
              Votes:
              9 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated: